To gain access to a secure system (e.g., an industrial control system) a user (e.g., operator, employee, supervisor, administrator, and/or auditor) may be granted certain permissions (e.g., access rights, privileges, etc.) which may allow the user to access particular areas of the system.
Current approaches to granting permissions may include assigning permissions on a per-user basis (e.g., via passwords and/or user IDs). Such an approach may involve a static configuration of a list (e.g., map) associating users with permissions. However, such a list may be prohibitively detailed, and/or may overallow access in particular cases. Further, such a list may be difficult to update and may thus be updated infrequently.
For example, if an employee is terminated, current approaches may still allow the employee access to the system for a long period of time, thereby producing a number of security risks, for instance. As an additional example, if an employee advances in training, current approaches may cause granted permissions to lag behind the employee's job description, abilities, and/or skills.